On September 28, 2017, the Commodity Futures Trading Commission (CFTC) settled charges brought against a Commodity Pool Operator (CPO) for failure to supervise its fund administrator’s operation of the commodity pool’s cash account at the pool’s bank. The bank provided online access to daily activity and balance information as well as sending monthly statements to the CPO. The CFTC determined that over the course of three weeks in 2016, the fund administrator received seven fraudulent requests to transfer funds from the commodity pool’s bank account. The requests, which were made by an unknown party who spoofed the email address of the CPO’s managing member, imitated the CPO’s typical transfer requests. Five of the seven requests were processed by the fund administrator, resulting in a $5.9 million loss of pool participants’ funds — 64 percent of the pool’s total capital. Although only the fund administrator had the right to make withdrawals from the bank account, the CPO did not have any procedures in place to monitor the fund administrator’s operation of the pool’s cash account. The CPO was reviewing its monthly account statements, but it was not performing daily reconciliations of the cash account. As a result, the CPO lacked any system to alert it when transactions cleared from the account, and the CPO was unaware of the fraudulent withdrawal activity for 21 days. It only became aware of the withdrawals when it was notified by the administrator.
The order required the CPO to pay a $150,000 civil monetary penalty. The CPO may also face private litigation from fund participants. This Sidley Update reminds fund managers to carefully review their compliance procedures to provide for frequent reconciliation of account balances, including cash accounts, and to ensure proper security around passwords and email to avoid a similar occurrence.
A link to the CFTC settlement order can be found
here.